Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4NGoNmwhFZ8HlHipAwhD-_YGMbk.cer
File:                     4NGoNmwhFZ8HlHipAwhD-_YGMbk.cer (raw, json)
Hash identifier:          ZSMCbKGcuQWicp0tq6s4AEPnzxH29x6TEWqgLYW21ls=
Subject key identifier:   E0:D1:A8:36:6C:21:15:9F:07:94:78:A9:03:08:43:FB:F6:06:31:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B478D087E0C9CDD351BC44BAD804F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/4NGoNmwhFZ8HlHipAwhD-_YGMbk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.76.30.0/23
                          IP: 194.127.134.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 02:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:47:8d:08:7e:0c:9c:dd:35:1b:c4:4b:ad:80:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0d1a8366c21159f079478a9030843fbf60631b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cb:2e:eb:3c:19:eb:2c:33:9f:88:10:e2:d8:
                    a0:b6:b7:e9:29:8a:72:ff:df:66:1e:6c:76:79:fd:
                    e5:80:91:0a:56:a4:1e:64:2a:af:64:08:eb:9a:10:
                    f5:93:28:aa:0b:8d:59:fe:34:fe:af:67:f1:9e:a0:
                    d8:00:b2:ee:b6:89:0c:4b:f9:90:da:aa:24:6d:1f:
                    be:81:5d:26:a8:72:14:47:5a:d4:47:6a:ab:76:8e:
                    2a:e4:14:8b:b1:7e:7b:e6:87:e1:20:36:93:ab:9c:
                    7f:79:d4:a5:54:a3:20:3c:c9:9c:5c:a6:98:03:53:
                    96:20:4f:5a:cf:06:2e:fe:d6:2b:3c:f7:9d:d2:3d:
                    25:cf:bb:f1:13:c1:53:32:2f:92:30:a6:f2:8b:5b:
                    78:eb:6a:4d:b4:30:20:39:b0:a0:d8:e4:dd:05:59:
                    4b:7f:26:c0:a3:bc:77:b7:76:b5:d7:4a:7f:3f:9d:
                    85:94:7e:d6:1e:c2:a2:02:dd:82:64:bb:dc:f3:25:
                    be:be:70:f4:64:11:86:c5:fe:2b:29:c5:97:54:4f:
                    56:56:ce:00:b7:d8:e4:52:9e:6b:8a:77:9b:2c:00:
                    4d:b9:66:c7:73:0d:26:64:38:15:7c:19:bb:a5:31:
                    b8:76:b4:0c:b2:e3:75:8f:95:09:2f:41:00:a7:43:
                    40:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D1:A8:36:6C:21:15:9F:07:94:78:A9:03:08:43:FB:F6:06:31:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2de324-86c7-43d6-9df2-f8ae0dbc5df2/1/4NGoNmwhFZ8HlHipAwhD-_YGMbk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.30.0/23
                  194.127.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:36:f8:c2:c9:a5:61:57:fb:ea:09:5f:a9:52:7f:e4:2d:bd:
         b4:cc:3c:f8:32:5d:3b:1e:87:e5:3e:bc:7f:a9:a9:d9:3c:4a:
         53:1a:71:e2:1f:2b:ef:84:dc:ee:88:d7:8f:bf:67:12:89:17:
         55:92:13:d2:f2:e3:07:ad:66:d3:2b:1f:d9:f9:31:92:8f:01:
         a8:7d:18:f7:46:9f:d6:85:c0:e6:df:7f:8e:39:80:59:e8:e5:
         a8:aa:a0:67:71:74:32:2b:44:80:bc:ca:ce:e6:fc:31:fc:11:
         0c:ba:8b:bc:18:36:db:48:9e:82:dd:54:0e:83:19:be:64:e7:
         2e:84:cb:69:cd:9d:55:3d:60:77:a8:22:aa:44:98:b0:dc:ef:
         ce:04:48:d6:01:e4:12:02:56:94:dc:0b:15:7b:8d:12:e2:bd:
         4c:48:46:03:f4:d3:a4:f3:d2:12:97:20:21:87:15:1c:66:ae:
         ac:76:72:c2:75:8f:36:e3:39:9b:18:2b:53:1d:7b:f9:8d:88:
         0a:fc:03:d7:fb:a3:df:ce:d2:bc:46:53:7a:4a:4d:4a:fe:bd:
         1c:61:6a:dc:f7:89:db:e5:a9:9e:5e:f4:fc:a3:10:35:d6:95:
         2a:30:f5:a0:a4:33:6f:fc:48:e7:dc:90:bc:e3:3f:a3:51:15:
         d4:7d:94:7d
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzGS0eNCH4MnN01G8RLrYBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQxYTgzNjZjMjExNTlmMDc5NDc4YTkwMzA4NDNmYmY2MDYzMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcsu6zwZ6ywzn4gQ4tigtrfpKYpy
/99mHmx2ef3lgJEKVqQeZCqvZAjrmhD1kyiqC41Z/jT+r2fxnqDYALLutokMS/mQ
2qokbR++gV0mqHIUR1rUR2qrdo4q5BSLsX575ofhIDaTq5x/edSlVKMgPMmcXKaY
A1OWIE9azwYu/tYrPPed0j0lz7vxE8FTMi+SMKbyi1t462pNtDAgObCg2OTdBVlL
fybAo7x3t3a110p/P52FlH7WHsKiAt2CZLvc8yW+vnD0ZBGGxf4rKcWXVE9WVs4A
t9jkUp5rinebLABNuWbHcw0mZDgVfBm7pTG4drQMsuN1j5UJL0EAp0NATQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFODRqDZsIRWfB5R4qQMIQ/v2BjG5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY5LzJkZTMy
NC04NmM3LTQzZDYtOWRmMi1mOGFlMGRiYzVkZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvMmRlMzI0
LTg2YzctNDNkNi05ZGYyLWY4YWUwZGJjNWRmMi8xLzROR29ObXdoRlo4SGxIaXBB
d2hELV9ZR01iay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBwkweAwQAwn+GMA0GCSqGSIb3DQEBCwUAA4IB
AQAlNvjCyaVhV/vqCV+pUn/kLb20zDz4Ml07HoflPrx/qanZPEpTGnHiHyvvhNzu
iNePv2cSiRdVkhPS8uMHrWbTKx/Z+TGSjwGofRj3Rp/WhcDm33+OOYBZ6OWoqqBn
cXQyK0SAvMrO5vwx/BEMuou8GDbbSJ6C3VQOgxm+ZOcuhMtpzZ1VPWB3qCKqRJiw
3O/OBEjWAeQSAlaU3AsVe40S4r1MSEYD9NOk89ISlyAhhxUcZq6sdnLCdY824zmb
GCtTHXv5jYgK/APX+6PfztK8RlN6Sk1K/r0cYWrc94nb5ameXvT8oxA11pUqMPWg
pDNv/Ejn3JC84z+jURXUfZR9
-----END CERTIFICATE-----